Defense Intelligence Agency CIO Doug Cossa speaking at the 2021 DODIIS Worldwide Conference.

Feb 10 2022

Q&A: DIA CIO Doug Cossa Outlines Planned Upgrades for Feds’ Top-Secret Network

The Defense Intelligence Agency is overhauling the intranet that serves both the intelligence community and agencies that need to share sensitive information.

The Joint Worldwide Intelligence Communications System originated in the 1990s as a stand-alone secure videoconferencing system that quickly expanded to reach policymakers and warfighters.

The successful initiative has evolved into a complex network that supports intelligence operations and sharing of top-secret information. The Defense Intelligence Agency, which oversees JWICS, is looking at a modernization plan that includes everything from physical network devices to global cloud access. DIA CIO Doug Cossa laid out the strategy for FedTech at the 2021 DoDIIS Worldwide Conference.

FEDTECH: What does the five-year modernization plan for JWICS mean in terms of technology investment or change management? 

Cossa: The problems that intelligence faces now are multicentric. When JWICS was originally designed, our problems were pretty well scoped; the world wasn’t as interconnected as it is today. Now, we use JWICS for every single function of the intelligence lifecycle, which has certainly evolved from where we were 30 years ago. The first part of modernization is the tech refresh — replacing the old hardware, the infrastructure that makes up the top-secret network. Routers, switches, encryption devices, everything that you think of in terms of what makes up a commercial network. 

But beyond that, the world has changed. We’re now operating in more locations all over the world, looking at new points of presence for JWICS and at areas that are remote that don’t necessarily have a strong commercial communications infrastructure. Beyond just replacing hardware at those nodes, it’s also adding what we refer to as redundancy and resiliency. We have smart routing that can route around problems automatically. We also have backup lines, so if a primary line goes down, we have a backup line that we can fail over to, eliminating single points of failure.

Click the banner below to get access to a customized content experience for networking tech,

FEDTECH: How does edge computing enable connectivity in areas with challenging network environments?

Cossa: We’re looking at this beyond just terrestrial circuits and exploring different means of adopting new technology, such as 5G and more advanced satellite communications, and then how to protect that information. Security goes hand in hand with the new communication methods that we’re looking to deploy. It’s also about resiliency. How do we get JWICS to the steady state where we were 30 years ago while taking JWICS to that next level and factoring in multifaceted dependencies? That’s the challenge we’re solving. 

FEDTECH: We’re in a world where everybody is moving to zero trust. What does that look like at DIA?

Cossa: We’re different from many other agencies because we not only operate the wide area network, but we also run the DoD Intelligence Information System, which is our local area network environment and desktop system. When we talk about zero trust at more basic levels, we must do things like encryption on both JWICS and our local networks. We have to do threat isolation on both networks at the hardware level. It’s well beyond what a traditional agency would have to consider. That’s where we get into digital policy, actually putting forth those guidelines. We know everything and everyone on our network who is connecting or attempting to connect, and we interact as needed as the mission changes. 

RELATED: How are IT leaders in the intelligence community approaching zero trust?

FEDTECH: DOD at large has decided to use a joint warfighting cloud capability and embrace a multicloud environment. How does that affect DIA?

Cossa: Connecting to the cloud isn’t instantaneous. There needs to be an infrastructure, a foundation in place to do that right now. We serve customers all over the world, particularly the combatant commands who have a need for cloud storage and cloud services. JWICS creates on-ramps to those cloud services and as we expand overseas; that’s particularly important for edge nodes.

Doug Cossa, CIO, Defense Intelligence Agency
The first part of modernization is the tech refresh — replacing the old hardware, the infrastructure that makes up the top-secret internet.”

Doug Cossa CIO, Defense Intelligence Agency

Our thinking about our use of cloud services has evolved. We were really vendor-centric before, but now within DIA we’re supporting multicloud. Our view has always been that we use the right cloud and the right service for the right function that we’re trying to perform. As part of that, though, there is a new role that DIA needs to take on for our customers for more governance in the sense of audit compliance, resource management, and cybersecurity and data standards. We want one shared, unified effort to leverage multicloud operations. What that requires is complete visibility over our use of cloud services and to meet those obligations of standards and policies across the audits, security and data management domains.

One of my priorities as CIO is to have a common DevSecOps platform where we create one pathway to getting to the cloud and hosting applications and data, and where we have complete oversight of our cloud usage and making sure we’re using the right capabilities for the right purpose. 

EXPLORE: How is the intelligence community revamping its common IT platform? 

FEDTECH: As hybrid and remote work take hold in the federal environment, what are DIA’s thoughts on the practices today?

Cossa: If there is a silver lining to COVID-19, it was that we realized that some functions within the agency can be done remotely, and it provides an opportunity for flexibility for our workforce. When COVID-19 started, we had a couple hundred users on our unclassified system. When everyone went on telework, we then had several thousand concurrently using our unclassified network, so we had to quickly spin up an updated infrastructure that could handle the new influx of traffic. My intent is to continue that infrastructure to provide flexibility to our workforce so people can perform unclassified functions from home in a secure way. That’s important to attracting and retaining a workforce; that’s one of my top priorities as CIO. 

Now, the majority of those functions are going to be on the business end of DIA functions — things like human resources, financial management, those types of business functions that are truly unclassified. We have moved a number of those management systems to the low side to be able to support a teleworking environment.

In our application development, not only do we run networks but we also build applications for the customers that we serve. We have moved a lot of that software development and software engineering to the low side. As we move into a multicloud environment and we have new cloud services that we want to take advantage of, our goal in the near term is to replicate that on the low side, be able to build and deploy from the unclassified network to JWICS, and to continue that going forward. We’re looking to expand to up to five cloud service providers.

Photography by Phil Goldstein

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.